EPA readying data exchange network

The Environmental Protection Agency is pushing Web services to its limit and by Dec. 31 should have the biggest operational network using this technology, a senior agency official said.

Kim Nelson, EPA's CIO, yesterday said she expects 20 states to use the Central Data Exchange, part of the National Environmental Information Exchange Network, by the end of the year. CDX will let state environmental agencies and other stakeholders submit data to EPA and let users search and analyze information.

'We are behind on our project goals, but part of that is because the Web services tools are not keeping pace with what we want to do,' Nelson said at the FSI Outlook Conference in Vienna, Va.

Nelson said seven states'Delaware, Maine, Mississippi, Nebraska, New Hampshire, New Mexico and Utah'are sending in data through the network.

'Our goal is to ensure states are the stewards of their own data but share that data based on an agreed-upon set of standards using Extensible Markup Language,' she said. 'Ultimately, the portal will allow anyone in the state organization to log on and send data and use EPA's services.'

EPA also plans to set up a prototype information exchange network by September, which will collect air quality information and provide federal and state users access to the data.

This will be the first time EPA's IT project team puts together all the pieces of the exchange network, which also will include portal software as well as rules for identification management and data warehousing and access.

In addition to progress on its information networks, Nelson said EPA this summer would complete a five-year effort to establish identity management and cybersecurity standards for the electronic reporting of data to EPA and state agencies.

Nelson said EPA will send the rule to the Office of Management and Budget in the next few weeks and is hopeful the final rule will be released in June or July.

'The final rule will require any agency sending information to EPA to send us a description of their system, and we will certify whether it meets the security standards, which include how the person sending the information is identified, how to validate the person sending the information and non-repudiation agreements,' Nelson said.